• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

Authentication via an LDAP server

Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey guys i have created a php code that authenticates users via our LDAP server but i now instead of using PHP have to do this through glassfish

here is the working php code :


$authenticated = false;

# If that wasn't the case, then validate the username and password and set the session up.
if(!$authenticated && $_SERVER['PHP_AUTH_USER'] && $_SERVER['PHP_AUTH_PW']){
$ldap = ldap_connect("ldap://uni.ds.port.ac.uk") or die("Connection to AD failed.");

# This could be username@uni.ds.port.ac.uk instead but then anyone in AD could authenticate.
$username = "CN=".$_SERVER['PHP_AUTH_USER'].",OU=Students,OU=Users,OU=UNI,DC=uni,DC=ds,DC=port,DC=ac,DC=uk";

# Check you can bind with these credentials.
if($bind = ldap_bind($ldap, $username, $_SERVER['PHP_AUTH_PW'])) {
$result = ldap_search($ldap, "OU=Non Admin,OU=Staff,OU=Users,OU=UNI,DC=uni,DC=ds,DC=port,DC=ac,DC=uk", "CN=".$_SERVER['PHP_AUTH_USER']);
$authenticated = 1;

# If they aren't already authenticated by now, ask the browser to authenticate them.
header('WWW-Authenticate: Basic realm="Active Directory Login"');
header('HTTP/1.0 401 Unauthorized');

# This will be output if they press 'cancel' on the prompt.
echo 'You have failed to authenticate. Please login with a valid Active Directory username and password. ('.ldap_error($ldap).')';


Now i have to set up the glassfish sever, i am using netbeans to create a webapp that needs ldap authentication i have used, it is glassfish 3.1.2 btw, below is my code and set up i have used, but i can not get it to authenticate, what am i doing wrong ?

<form method="post" action="j_security_check">
<p>You need to log in to access protected information.</p>
<td>User name:</td>
<td><input type="text" name="j_username" /></td>
<td><input type="password" name="j_password" /></td>
<p><input type="submit" value="Login" /></p>
<p>Sorry--authentication failed. Please try again.</p>
This is a secure page

To create the actual Realm In Glassfish open the admin console (http://localhost:4848 in my dev environment). Select Configurations->server-config->Security->Realms click on new and start putting in the information. Type in a "Realm Name" whatever you want it to be called our case is MYREALM. The JAAS Context must be: ldapRealm the Directory is the ldap host ldap://hostname:389 and the Base DN is simply the DN that holds the users.

In my case it was ou=Company Users,dc=Company,dc=corp.

I left the "Assign Groups" empty.

The Additional properties section has these applicable properties (http://download.oracle.com/docs/cd/E19830-01/819-4712/ablpe/index.html):

group-base-dn="cn=Application Users,ou=Company Groups,dc=Company,dc=corp"

Note that I have quotes on these properties. I noticed that I had to put the properties in quotes into the console form in order for it to work. I had to delete and recreate the realm whenever I wanted to make a change because whenever I clicked on "save" the form would append extra quotes to the Properties specific to this Class section.

Once the realm is created you can add the following to your web.xml file in order to use it:

<display-name>Application Users</display-name>
<description>Application Users desc</description>
<role-name>Application Users</role-name>
<role-name>Application Users</role-name>
    Bookmark Topic Watch Topic
  • New Topic